<?php
class LDAPAuthenticator extends BaseAuthenticator {
	public function authenticate($userId, $password) {
		if (!$userId || !$password) {
			return FALSE;
		}
		
		$ldap = ConfigReaderFactory::getInstance()->getConfigReader(AUTH_CONFIG_FILE)->getConfig()->ldap[0];
		$host = (string) $ldap->host[0];
		$adBrowserDN = (string) $ldap->adBrowserDN[0];
		$adBrowserPwd = (string) $ldap->adBrowserPwd[0];
		$bindDN = (string) $ldap->bindDN[0];
		$filter = (string) $ldap->filter[0];
		$searchFilter = str_replace('%USERID%', $userId, $filter);

		$ds = ldap_connect($host);
		ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
		ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
		
		$ret = ldap_bind($ds, $adBrowserDN, $adBrowserPwd);
		$result = ldap_search($ds, $bindDN, $searchFilter) ;
		$userList = ldap_get_entries($ds, $result);
		if (!isset($userList[0])) {
			return FALSE;
		}
		$userObj = $userList[0];
		$userDN = $userObj['dn'];
		$ok = @ldap_bind($ds, $userDN, $password);
		ldap_close($ds);
		
		return $ok;
	}
}
?>
